Question

Kerberos authentication with NAC: change user or logout at the end system


Hello community,

I'm testing NAC authentication with Kerberos from X440-G2 switches.

Following this article https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-configured-Identity-Management-for-..., everything works fine, but I have a few questions/issues:

1. If I log on to a Windows client against the AD, I see the session in the CLI of the switch with show identity-management entries, but it disappears after a few minutes, even though the PC is active and logged in. Is this okay?

2. After logging in to the PC, I can see the username in NAC. But when I log out from the PC, I still see the username and the end system is accepted based on this.

3. If I log out from the client and log in with another user, I see the active user in the CLI of the switch, but I have to reauthenticate the End System in NAC to see the other user that is currently logged in.

I think the switch should send something like a notification to the NAC if users log out or there is a user change. Is this possible?

If there is a similar post in the hub, please show me the link. I've searched the forum, but didn't find any suitable topic.

Thanks in advance for your replies!

Kind Regards, Ralf
